It's been a while since I've looked into changing up my firewall lineup a bit, so tried out a few to see how they've progressed. My requirements are pretty simple; must be lightweight and no-antivirus, although I don't mind the HIPS portions. (I use on-demand scanners, and any unknown new downloads are run in a VM or sandbox, I don't care for real time protection dragging the systems performance down.. I use common sense for that mostly.)

A few I'm liking, but there's a couple little things that keep it from being permanently installed. So firing off a couple questions about each, in case someone might have an answer.

PCTools Firewall 7. I actually kind of like this one; lightweight, not too chatty, enough fine tuning control for my needs. It won't pass every leak test, but again that's not why I'm running this. What's killing it for me is that I do a lot of development work on various server applications, and every time I compile a binary to test, the firewall has to let me know about it. Is there any way to tell PCTools to ignore if a program has changed? I don't mind it asking the first time if it can listen for connections, but it gets old really quick during frequent builds, and disabling the firewall during coding sessions is just silly.

ZoneAlarm Pro 9, firewall only. I was kind of surprised by this one, nowhere near as heavy in resource usage as it used to be, and was actually liking it. I could tell it that a program changes frequently (see above). Then I noticed that every time an alert pops up, it stole keyboard focus. If you were in the middle of typing something, chances are you just allowed something through.. about as useful as just clicking "accept" to everything without reading. I found a few threads on their forums about this, but zero answers.. I tried making a new thread there too, but they kept deleting my messages, apparently criticizing that behavior is considered "disparaging" and was told to try a different firewall. CheckPoint, your support forum moderators suck. Now that's disparaging.

Right now I'm experimenting with Comodo and Defense+, so far I'm liking this one, but it's still pretty chatty yet.. not sure if I'm keeping it. Fiddling with Defense+'s settings a bit, not going to disable it though, as I may as well just use Windows Firewall in that case. Any suggestions on keeping it set to look for trouble without asking me about anything and everything that opens?

Windows Firewall. To be honest, I really don't need to know about every connection that's being made. I keep a close eye on my systems, I know what they're doing, and nothing gets installed without a careful going over in a sandbox/VM first, which do have full time overblown protection. How about WF and some sort of behavorial scanning? I've read mixed reviews about ThreatFire for example.. I like that it's pretty lightweight, but heard about potential performance issues, compatibility problems, etc etc. I ran it a few years back, and was happy but ran into it "eating" a few files occasionally, a bug that was fixed as far as I know. Anything along the lines of ThreatFire I should be looking at?

Sorry for the wall of text, just looking for any suggestions/input. Thanks.

tl;dr:
ZoneAlarm - any way to stop it from stealing keyboard focus on alerts?
PCTools - any way to get it to stop checking for a program whose binaries have changed?
ThreatFire/Windows Firewall - Any good, or anything similar I should be looking at?

use zonealarm free firewall. i use it for a couple of years and i love it. not intrusive, blocks everything from the outside, completely stealth on the internet. i wouldn`t change it for nothing!

Click to expand...

I was testing the latest Pro version, and was actually liking it. Was using very little in the line of resources, reminds me of the old old v4 and v5 series, not the bloated pigs that 7 and 8 were. Not going to catch everything, which is fine, but what's killing it for me is the notifications. As soon as they pop up, they take keyboard focus, and if you're in the middle of typing something, chances are you're going to allow something through whether you wanted to or not. I had several "wait what?" moments while just doing basic work/typing. I read some messages on their forums that some people are getting that, some aren't, but nobody has an idea why or a fix. If I can get it to not take keyboard focus (which no firewall/security app should ever do) I'll gladly give it another go. Tried asking on their forums, but apparently pointing out a bug is a no-no there lol.

As soon as they pop up, they take keyboard focus, and if you're in the middle of typing something, chances are you're going to allow something through whether you wanted to or not. I had several "wait what?" moments while just doing basic work/typing. I read some messages on their forums that some people are getting that, some aren't, but nobody has an idea why or a fix. If I can get it to not take keyboard focus (which no firewall/security app should ever do) I'll gladly give it another go. Tried asking on their forums, but apparently pointing out a bug is a no-no there lol.

Click to expand...

Not sure what you mean. If you press enter when typing just as the alert pops up? Can this be fixed with TweakUI (General-Focus-Prevent Applications From Stealing Focus)?

You didn't say which version of Windows you were running. Regarding the server app testing, if you can configure them to use a single, non-standard port just for the testing, you could then make a firewall rule that allows inbound to that port for any application. This way, it would no longer matter if the app changes.